In user story form, this RFE might be:
As a cloud operator, I want to run my Ansible playbooks from my own machine against my OSP-director managed overcloud controller, compute, and storage nodes so that I can debug and inspect my OpenStack environment.
The background is:
Ansible has a hosts inventory - this is where you list your hosts, and groups of hosts, so that you can run playbooks against them:
It also has the notion of a dynamic inventory:
With dynamic inventory, rather than store your hosts in a text file, Ansible looks to some other system for information about hosts. And yes, there's an example there for an OpenStack dynamic inventory.
The idea is that OSP director users should be very easily to set up a dynamic inventory which talks to the undercloud and which would allow them to easily run ad-hoc playbooks against their overcloud nodes. They should first be able to easily distribute their SSH key to those nodes, also.
To be clear - the use case isn't about using Ansible to install and configure software on overcloud nodes.
There was one previous effort along these lines by Graeme:
and I remember a brief "ansible on the undercloud" thread on this (the context was os-log-merger), which then spawn this thread:
and some follow-on discussions in Austin. A key point of clarification for me is that the requirement should not be "ansible on the undercloud", but instead "ansible using the undercloud for dynamic inventory".
Other related efforts:
https://github.com/openstack/tripleo-validations/blob/master/scripts/tripleo-ansible-inventory (dynamic inventory used by TripleO validations)
Also I had to read this a couple times to truly understand the ask. If I understand correctly, this is the primarily quote:
A key point of clarification for me is that the requirement should not be
"ansible on the undercloud", but instead "ansible using the undercloud for
Basically, this request is to connect to the undercloud as the backing store from a laptop in order to provide post-deployment configuration to an overcloud.
laptop --> overcloud
I've been doing some performance testing using Browbeat  and came across something similar to this. Browbeat includes a script, generate_tripleo_hostfile.sh , which you run after deploying an overcloud. It generates an ssh-config file and ansible hosts file. You can then use that to run ansible against the overcloud.
The really handy thing is that this can be used from your laptop. For example, I have an undercloud machine and 12 overcloud machines in a lab. From my laptop, I just ran:
$ ./generate_tripleo_hostfile.sh b09-h01-r620.rdu.openstack.engineering.redhat.com
and now I can easily run ansible against my overcloud from my laptop. The ssh config it generates makes it so ansible will ssh through the undercloud machine to get to the overcloud machines on the management network.
For example, to run something on all of the controllers:
$ ansible controller -i hosts -a "uname -r"
overcloud-controller-2 | SUCCESS | rc=0 >>
overcloud-controller-1 | SUCCESS | rc=0 >>
overcloud-controller-0 | SUCCESS | rc=0 >>
Similarly, I can run a command against all of the compute nodes using "ansible compute".
Thanks Russell! We have started to talk about moving this bash script to python, anyone interested in helping out with this effort
We needed a solution a bit more abstracted so other clouds could take advantage of the host generation.
$ rpm -qpl openstack-tripleo-validations-5.1.0-5.el7ost.noarch.rpm | grep inventory
Marking this as fixed in version openstack-tripleo-validations-5.1.0-5.el7ost
Just to confirm, this works OK on OSP10 (example executing a shell command on all overcloud nodes)
ansible overcloud -i /bin/tripleo-ansible-inventory -u heat-admin --ssh-extra-args='-o StrictHostKeyChecking=no' -m shell -a "ip a | grep inet\ “ > output.txt
There are other hostgroups available such as compute, storage, controller, etc
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.